ConfigMgr

The advisory explains the recently discovered vulnerabilities for self-encrypting drives. SED’s means that the drive is encrypted using the hardware instead of software only encryption provided by BitLocker Drive Encryption™.

The vulnerability was discovered by Carlo Meijer and Bernard van Gastel from the Radboud University in the Netherlands.

Verify encryption method using Powershell

Get-BitLockerVolume | select encryptionmethod,mountpoint,VolumeType

In this example, the device is not vulnerable since hardware encryption is not present.

This code smippet will return if the machine is vulnerable or not (compliant $true) (vulnerable $false) based on encryption method which can be used with SCCM to get an overview in larger Environments.$BitlockerVolume = Get-BitLockerVolume | select encryptionmethod,mountpoint,VolumeType,ProtectionStatus |? { $_.VolumeType -eq "OperatingSystem" -and $_.ProtectionStatus -eq "On" }

This work was done together with Jörgen Nilsson (https://ccmexec.com) who has a detailed post about this and how to use SCCM to get the current status of compliant devices which is linked to below. He also provided a cab-fil which can be imported

Jörgen Nilsson and I presented this on TechEd North America and we thougt it would be a good idea to share this information in a more written form.

The purpose of this guide is to get a quick start of how to run SQL Server Index Optimization for non-database administrators.

To maintain performance in a Database it is most often recommended to maintain the indexes in a database. All applications has different support statements and best practices so before you implement this please review the specific application. You also need to consider that doing this will generate lots of transactional logs so keep an eye out for disk space and make sure you schedule backups after the tasks has run.

If you don’t maintain your indexes for System Center Configuration Manager your system will eventually be slow and suffer from performance issues like slow updates of collections different status messages and so on. So it’s vital to maintain your indexes. I have written a step by step to implementing a great community script from Ola Hallengren to do this. To get you started.

First off you can run the IndexCheck script against the database you suspect has a high grade of defragmentation to display the actual fragmentation performance busters are most likely results with high page counts and high fragmentation.

1. Start SQL Management Studio and Login

2. Open the IndexCheck script. I usually add the extra statements provided below to the script from Ola

To Point out the Database to run against.

USE CM_S01

To sort the output in a more structured way by defragmentation I add

Order by AvgFragmentationInPercent desc

3. Execute the script and it will show you an output of the fragmentation level of the databases, as you see in the AvgFragmentationPercentage it will display the level.

4. OK, so now we see that we have defragmentation on our indexes, so SQL wise to maintain the Indexes there are three methods of doing that. And the solution will automatically choose depending on fragmentation level and if you have SQL Server Enterprise the “Rebuild Online” option will be available.

Reorganize (Kind of a defragmentation)

Rebuild (New indexes are created and rebuilt, NOTE: Its only available in SQL Server Enterprise)

Offline Rebuild (Same as B but it’s done offline)

5. Before we install the Maintenance solution we want to create a database in SQL we can use for logging the activities and saving our tasks in so we don’t put this information in any of the other databases.

6. In SQL Management Studio create a new Database.

7. Give it a Name and set the Size you want the database to have

8. Under Options change the Recovery Model to be Simple and press OK

9. Now when we have created a database to use for the solution we need to start the SQL Server Agent. Right click and start the Server Agent

10. Once it’s started we can open the MaintenanceSolution.sql and do the following edits.

Change Master to the Database name you selected earlier in my case SQL Maintenance

For the other values I suggest that you change the Backup Path to where you want to store the Backup Files the others I usually use the defaults for.

11. Execute the Script and verify that it has run successfully and that the jobs were created under SQL Server Agent

12. Now onto the IndexOptimize job which we need to configure.

By default the job runs on all your user databases on the Server so if you want to only run it on specified databases you need to configure that.

And you also need to set up this on a schedule, and my recommendation is to set it up on a weekly schedule at a time where you don’t have heavy load on the server.

NOTE: The first time you run the task I highly suggest that you have lots of time, we have seen that this task can take from minutes to several 10+ hours if the indexes are really defragmented and your SQL box is really performing well. So plan for that initial execution, once you have this running on a regular basis it will not take that long every time it runs.

13. To change the databases that the IndexOptimize task is run on right click on the job and select properties. Once in the properties go to the Steps section and select edit on the Step

14. To change it change the USER_DATABASES value to the preferred databases you want to run this against.

15. So to setup a schedule navigate to the schedule section and click New.

16. Once in the schedule setup the schedule you want and plan so that it doesn’t interfere with any of your other maintenance tasks like backup. Simply give it a name and configure desired schedule.

17. As we enabled the solution to Log to a Table we can explore what actions it has taken by simply reviewing the CommandLog Table. To show what has been going on in my environment run the command below. Where we can track how long Index optimization takes and if we have certain indexes what we frequently hit and so forth.

USE SQLMaintenance
select * from dbo.CommandLog

18. We are also getting log files on the Disk Drives and they are stored under the default SQL Server Installation directory under Log.

19. To maintain the solution itself there are some tasks to do cleanup so we don’t fill the CommandLog table with years of data and the disks with log files for years. So to cleanup all these activities I highly suggest that you configure these additional jobs so that you cleanup after the solution. You may want to adjust the steps in the Jobs to have it keep the activities for the period of time you want to have. By default it keeps the data for 30 days. As a recommendation set them to run on a weekly basis as well

20. So now we have scheduled and configured Index Optimization, is very important that you keep track of disk space and that you schedule backups after the tasks are run as they will generate transaction logs that may fill up your disks.

A Special thanks to fellow MVP Steve Thompson for inspiring me to use the separate Database when using the Maintenance Solution. Also Ola Hallengren for making such an awesome solution and sharing it. Powered by Community

We often talk about risks only in term.s of potential loss, but most risks have the potential for gain too. To manage cybersecurity as a business risk, we need to better understand the opportunities and risks of key business drivers The post Managing cybersecurity like a business risk: Part 1—Modeling opportunities and threats appeared first […]

Microsoft identity engineering has expanded product partnerships to help customers transform digitally with Azure AD-integrated solutions. The post 4 identity partnerships to help drive better security appeared first on Microsoft Security.

As secure remote work becomes the new normal, Microsoft security and Zscaler provide guidance on enabling Zero Trust starting with secure access. The post Zero Trust and its role in securing the new normal appeared first on Microsoft Security.

5 questions that will help you select open source software and 4 recommendations to smooth the internal approval process. Advice from the RSA 2020 panel discussion, Open Source: Promise, Perils and the Path Ahead. The post Build support for open source in your organization appeared first on Microsoft Security.

Your network is unique. It’s a living, breathing system evolving over time. The applications and users performing these actions are all unique parts of the system, adding degrees of disorder and entropy to your operating environment. The post Success in security: reining in entropy appeared first on Microsoft Security.

If an internet-connected device performs a non-critical function, why does it need to be highly secured? Because any device can be the target of a hacker, and any hacked device can be weaponized. The post Cybersecurity best practices to implement highly secured devices appeared first on Microsoft Security.

As part of this week’s Build virtual event, we’re introducing new Identity innovation to help foster a secure and trustworthy app ecosystem, as well as announcing a number of new capabilities in Azure to help secure customers. The post Microsoft Build brings new innovations and capabilities to keep developers and customers secure appeared first on […]

Cybersecurity provides the underpinning to operationally resiliency as more organizations adapt to enabling secure remote work options, whether in the short or long term. The post Operational resilience in a remote work world appeared first on Microsoft Security.

While the world faces the common threat of COVID-19, defenders are working overtime to protect users all over the globe from cyber-criminals using COVID-19 as a lure to mount attacks. The post Open-sourcing new COVID-19 threat intelligence appeared first on Microsoft Security.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish.AcceptRead More